
It seems there are a lot of different connections... connecting to *higher port numbers*. I keep my system up to date with AVG and apply the latest OS updates. I also have Spybot Search and Destroy up to date, and anti-malware as well as HijackThis. AVG found no threats; Spybot only found one item, which I deleted. I have my firewall enabled, the one that comes with Windows Vista, configured for inbound and outbound traffic. Also, I'm behind a Cisco router. Is there anything you would worry about? If so, please let me know. Thanks, Mike.

Thanks for the help

Steve R Jones
Did you run Netstat with your browser open? If so, close it and try again.

Thank you for the fast reply. Yes, I did run netstat with the browser open while online. I was only on one website, Facebook. I'm going to close the browser (Google Chrome) and open the command prompt with no browsers open, and here is the output:

Check your computer for P2P-type programs having been installed and port forwarding in your router.

TCP 192.168.1.100:62728 8.19.18.172:
Now that line tells me your router is using port 62728 to connect to 8.19.18.172 in New York City. An ad server from the looks of things, and yes, those ad servers can really slow/mess things up.

Thank you for all the replies.

TCP 192.168.1.100

That is part of your local LAN. A private IP number.


I know 192.168.1.100 is the one assigned to me from the router, but I was not sure about the port it was using, so thank you for the information. I greatly appreciate it.


I looked through my system and didn't find any P2P applications. I scanned my system with Spybot, malware antimalware, AVG and HijackThis, and everything came out fine. However, when I check netstat -ano, this is the latest output:

Well, go back into your firewall and go through the entries one by one, and I'll bet you find several that you can kill.
Task Scheduler is another place I have found quite a few HIDDEN items that I could remove.
From the line:
TCP 192.168.1.100:49216 209.107.220.188:443 ESTABLISHED 3524
I googled 209.107.220.188 and found it to be a server.
209.107.220.188 is a server: http://www.ip-adress.com/whois/209.107.220.188

Well, I went through the firewall rules like you said, and it had a few applications that were checked that didn't need to be. I'm not sure how this stuff even got on my system. I download things from the internet, but I scan the application before I ever run it on my system. Have any other ideas, tips, tricks, etc. that would help? PS: thank you for all your help.

First, run TCPView as an administrator and grab the PIDs of any suspicious traffic source. Sometimes the source is obvious (iexplore.exe, various updates, etc.); other times you'll be stuck with svchost.exe with no way to know what is actually forcing connections.

Once you have the PIDs, you can use Process Explorer to check out the processes. If you locate the PID, and it's a nonsense process such as rundll or svchost, you can right-click and hit Properties to get the actual command line that is/was used to load the process, including GUID and other relevant info.
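
The `netstat -ano` triage discussed in this thread, as an added example that is not part of any poster's reply: it keeps only ESTABLISHED TCP rows whose remote end is outside the LAN and groups them by PID, so each PID can then be checked in TCPView or Process Explorer. The sample output is constructed apart from the 209.107.220.188:443 line quoted above, and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano` output; only the PID 3524 :443 line is from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       792
  TCP    127.0.0.1:5354         127.0.0.1:49158        ESTABLISHED     1580
  TCP    192.168.1.100:49216    209.107.220.188:443    ESTABLISHED     3524
  TCP    192.168.1.100:49230    192.168.1.1:80         ESTABLISHED     3524
  TCP    192.168.1.100:49301    203.0.113.25:6881      ESTABLISHED     2212
  TCP    [::1]:49200            [::1]:5354             ESTABLISHED     1580
  UDP    0.0.0.0:5355           *:*                                    1044
"""

# Loopback, RFC 1918, link-local and IPv6 local ranges: traffic that stays local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def external_connections(netstat_text):
    """Map PID -> [(remote_ip, remote_port)] for ESTABLISHED TCP rows whose
    remote end is outside the local ranges above."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")  # also handles "[v6]:port"
        try:
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue  # malformed row
        if not any(addr in net for net in LOCAL_NETS):
            by_pid[int(fields[4])].append((str(addr), int(port)))
    return dict(by_pid)

def tasklist_commands(by_pid):
    """Commands that name each PID's image and, for svchost, its hosted services."""
    return [f'tasklist /svc /fi "PID eq {pid}"' for pid in sorted(by_pid)]

if __name__ == "__main__":
    found = external_connections(SAMPLE)
    for pid, remotes in sorted(found.items()):
        print(pid, remotes)
    print("\n".join(tasklist_commands(found)))
```

The high local port numbers (49216 and up) are ephemeral source ports the OS picks for outbound connections; the remote address, remote port and owning PID are the columns worth reviewing.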


The tools worked great. I was able to end connections that I wanted to. It seemed there was something on my system doing outbound connections. I run VirtualBox in a server mode, but I always make sure to disconnect and kill the connection. Thank you for the help. PS: here's the latest screenshot of the applications.